OpenSecOps Newsletter #4
We have a new release of OpenSecOps SOAR, v2.2.0. This version reduces noise from AWS Health incidents that should be INFORMATIONAL but aren’t:
The Problem
AWS Health notifications are designed to inform you about service events and maintenance windows. However, these informational messages are surfaced by AWS as high-priority security findings, creating false positives that:
• Generate unnecessary security tickets
• Divert security team attention from genuine threats
• Create noise in security dashboards and reports
• Trigger automated response workflows for non-security events
The Solution
OpenSecOps SOAR v2.2.0 introduces an AWS Health Reclassifier that automatically downgrades AWS Health informational notifications from LOW/MEDIUM/HIGH/CRITICAL severity to INFORMATIONAL severity. This prevents false positives while still maintaining visibility into AWS service communications.
The reclassifier intelligently identifies AWS Health findings and reclassifies their severity before they enter the SOAR processing pipeline, ensuring your security operations focus on genuine security threats.
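To make the behaviour concrete, here is an added illustration of this kind of reclassification step, written for this newsletter and not taken from the OpenSecOps SOAR code base. It assumes findings arrive in Security Hub's ASFF shape (ProductArn, Severity.Label, Severity.Normalized), that AWS Health findings carry a ProductArn ending in "product/aws/health", and that the feature is gated by a "Yes"/"No" flag mirroring the ReclassifyAWSHealthIncidents setting; all sample findings are constructed.

```python
"""Illustrative AWS Health severity reclassifier (example code, not OpenSecOps SOAR's own).

Assumptions (hypothetical, for this example only):
- Findings are ASFF dicts with ProductArn and a Severity block.
- AWS Health findings have a ProductArn ending in 'product/aws/health'.
- The feature flag is a 'Yes'/'No' string like ReclassifyAWSHealthIncidents in parameters.toml.
"""
import copy
import logging

logger = logging.getLogger(__name__)

HEALTH_PRODUCT_SUFFIX = "product/aws/health"      # assumed ProductArn suffix
DOWNGRADABLE = {"LOW", "MEDIUM", "HIGH", "CRITICAL"}
INFORMATIONAL_NORMALIZED = 0                       # ASFF normalized score for INFORMATIONAL


def flag_enabled(value: str) -> bool:
    """Interpret a 'Yes'/'No' style setting; anything other than yes/true/1 is off."""
    return str(value).strip().lower() in {"yes", "true", "1"}


def is_aws_health_finding(finding: dict) -> bool:
    """True when the ProductArn identifies the (assumed) AWS Health integration."""
    return finding.get("ProductArn", "").endswith(HEALTH_PRODUCT_SUFFIX)


def reclassify(finding: dict, enabled: bool = True) -> dict:
    """Return a copy of the finding. If it is an AWS Health finding with a
    LOW/MEDIUM/HIGH/CRITICAL label and the feature is enabled, the label becomes
    INFORMATIONAL and the previous label is kept in Severity.Original for audit.
    Any other finding is returned unchanged, so non-Health incidents keep their severity."""
    result = copy.deepcopy(finding)
    if not enabled or not is_aws_health_finding(result):
        return result
    severity = result.setdefault("Severity", {})
    label = str(severity.get("Label", "")).upper()
    if label not in DOWNGRADABLE:
        return result  # already INFORMATIONAL or unknown label: nothing to do
    severity["Original"] = label
    severity["Label"] = "INFORMATIONAL"
    severity["Normalized"] = INFORMATIONAL_NORMALIZED
    logger.info("Reclassified AWS Health finding %s from %s to INFORMATIONAL",
                result.get("Id", "<no id>"), label)
    return result


def reclassify_batch(findings: list, flag_value: str = "Yes") -> tuple:
    """Apply reclassify() to a batch before it enters the processing pipeline.
    Returns (processed_findings, number_downgraded)."""
    enabled = flag_enabled(flag_value)
    processed, downgraded = [], 0
    for finding in findings:
        out = reclassify(finding, enabled)
        if out.get("Severity", {}).get("Label") != finding.get("Severity", {}).get("Label"):
            downgraded += 1
        processed.append(out)
    return processed, downgraded


# Constructed sample findings (not real AWS data).
SAMPLE_FINDINGS = [
    {   # AWS Health maintenance notice reported as HIGH: should be downgraded
        "Id": "health-1",
        "ProductArn": "arn:aws:securityhub:eu-west-1::product/aws/health",
        "Severity": {"Label": "HIGH", "Normalized": 70},
    },
    {   # Non-Health finding with HIGH severity: must stay HIGH
        "Id": "other-1",
        "ProductArn": "arn:aws:securityhub:eu-west-1::product/aws/example-detector",
        "Severity": {"Label": "HIGH", "Normalized": 70},
    },
    {   # AWS Health finding already INFORMATIONAL: left alone
        "Id": "health-2",
        "ProductArn": "arn:aws:securityhub:eu-west-1::product/aws/health",
        "Severity": {"Label": "INFORMATIONAL", "Normalized": 0},
    },
]

if __name__ == "__main__":
    logging.basicConfig(level=logging.INFO)
    out, n = reclassify_batch(SAMPLE_FINDINGS, flag_value="Yes")
    for f in out:
        print(f["Id"], f["Severity"]["Label"], f["Severity"].get("Original", "-"))
    print("downgraded:", n)
```

The Severity.Original field keeps the pre-reclassification label so that a later audit can still tell which Health findings were downgraded, and a disabled flag returns every finding untouched, which is what you want in an existing installation before the setting is added.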
Additional Improvements
• Enhanced Performance: Default Lambda runtime memory increased to 512 MB for improved processing speed across all SOAR functions.
Enabling the AWS Health Reclassifier
For new installations: The reclassifier is enabled by default.
For existing installations: Add the following line to your apps/soar/parameters.toml file at the end of the [SOAR.SAM] section:
ReclassifyAWSHealthIncidents = "Yes"
Then redeploy OpenSecOps SOAR to activate the feature.
This release continues our commitment to reducing security noise while maintaining comprehensive threat visibility.